<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title></title>
	<link rel="stylesheet" type="text/css" href="http://paranoid.net.cn/semantic.css" >
</head>
<body>
<chapter-title-en>5 SGX PROGRAMMING MODEL</chapter-title-en>
<chapter-title-ch>5 SGX编程模型</chapter-title-ch>

<p-en>
	The central concept of SGX is the enclave, a protected environment that contains the code and data pertaining to a security-sensitive computation.
</p-en>
<p-ch>
	SGX的核心概念是飞地，这是一个受保护的环境，其中包含与安全敏感计算有关的代码和数据。
</p-ch>
<p-en>
	SGX-enabled processors provide trusted computing by isolating each enclave's environment from the untrusted software outside the enclave, and by implementing a software attestation scheme that allows a remote party to authenticate the software running inside an enclave. SGX's isolation mechanisms are intended to protect the confidentiality and integrity of the computation performed inside an enclave from attacks coming from malicious software executing on the same computer, as well as from a limited set of physical attacks.
</p-en>
<p-ch>
	启用SGX的处理器通过将每个飞地的环境与飞地外的不信任软件隔离，并通过实施软件认证计划，允许远程方对飞地内运行的软件进行认证，从而提供可信计算。SGX的隔离机制旨在保护飞地内进行的计算的保密性和完整性，使其不受来自同一计算机上执行的恶意软件的攻击，以及有限的物理攻击。
</p-ch>
<p-en>
	This section summarizes the SGX concepts that make up a mental model which is sufficient for programmers to author SGX enclaves and to add SGX support to existing system software. Unless stated otherwise, the information in this section is backed up by Intel's Software Developer Manual (SDM). The following section builds on the concepts introduced here to fill in some of the missing pieces in the manual, and analyzes some of SGX's security properties.
</p-en>
<p-ch>
	本节总结了SGX概念，这些概念构成了一个心理模型，足以让程序员编写SGX飞地，并将SGX支持添加到现有系统软件中。除非另有说明，本节中的信息以英特尔的《软件开发人员手册》（SDM）为支撑。下面一节以这里介绍的概念为基础，填补了手册中的一些缺失，并分析了SGX的一些安全属性。
</p-ch>

</body>
</html>	